The Australian Government established the ‘Notifiable Data Breach’ (NDB) scheme to ensure that affected individuals are notified about serious data breaches.
The NDB scheme applies to all businesses, government agencies and other organisations covered by the Australian Privacy Act 1988 (Privacy Act) and commenced on 22 February 2018.
What is a data breach?
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.
Examples of a data breach include when:
- a device containing customers' personal information is lost or stolen
- a database containing personal information is hacked
- personal information is mistakenly provided to the wrong person.
What is a Notifiable Data Breach?
A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.
The NDB scheme requires organisations to notify any individuals affected by these serious data breaches.
This notice must include recommendations about the steps that individuals should take in response to a serious data breach. The OAIC must also be notified.
Organisations will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.
How will Qbit assist me to prepare for the NDB scheme?
Qbit will work with its clients to develop practical guidance on complying with the NDB scheme.
Our NDB guidance will focus on key changes to current best practice, including the threshold for notifying a serious data breach, and assessing suspected data breaches. Our guidance will also clarify the OAIC’s regulatory role in the NDB scheme.
There will also be a series of consultation events on the NDB scheme held in Australian capital cities through the Privacy Professionals' Network.
Why is the NDB scheme important?
The NDB scheme will strengthen the protections afforded to everyone’s personal information, and will improve transparency in the way that businesses and agencies respond to serious data breaches.
This in turn supports consumer and community confidence that personal information is being respected and protected.
It also gives individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.